Multifactor Authentication: A Cybersecurity Insurance Requirement

Close up top view of concentrated woman work on laptop manage family expenditures expenses using gadget, focused housewife busy calculating finances, plan budget on computer, pay bills or taxes online

Every employee benefit plan is the guardian of sensitive information. This data makes every plan an attractive target for cyber predators. To combat intrusions, cybersecurity insurance providers have made multifactor authentication a requirement for MFA cyber coverage.

What Is MFA?

MFA reduces the risk of unauthorized network access by requiring at least two of the following factors from users:

  • Something They Know: Passwords and security questions
  • Something They Have: Text messages, verification emails, authorization apps or hardware security keys
  • Something They Are: Fingerprints or facial scans

What Are the MFA Methods?

Most MFA systems pair an initial login password with one of the following methods:

  • TOTP: With time-based one-time passwords, a website transmits a single-use password — usually five or six numbers — in the form of a text or email. The user must then enter the supplied password within an allotted time. A smartphone authenticator application can streamline the process of returning the time-based password.
  • U2F: The universal two-factor identification standard makes several security improvements over TOTP. With U2F, users plug a security token into their computer or mobile device to handle the second password handoff. U2F nearly eliminates the risk of a cyber predator intercepting the second password.

MFA is an essential component of a comprehensive cybersecurity program. In addition to cybersecurity coverage, an insurance provider specializing in the needs of benefit plans is a valuable ally.